Enabling IBM Text Search for Db2 for z/OS for encrypted security credentials

If the value of the TCPALVER subsystem parameter is set to the recommended value SERVER_ENCRYPT in your Db2 environment, you must enable the text search server to use encrypted security credentials.

About this task

If the TCPALVER subsystem parameter is set to the recommended value SERVER_ENCRYPT, Db2 requires strong encryption for user IDs and credentials in the network. If the text search server is not correctly configured to encrypt the credentials, it can encounter the following error message:

DSNL030I :PAJB DSNLTSEC.39 DDF PROCESSING FAILURE
with REASON=00D30116

To avoid this problem, you can modify the class path of IBM Text Search for Db2 for z/OS to enable it to pick up the correct security mechanism from the JCC driver.

Procedure

To enable the text search server to use encrypted credentials, complete the following steps. These steps assume that the text search server is installed in the following location: /opt/IBM/db2/textsearch.

In the /opt/IBM/db2/textsearch/bin directory, modify the setup.sh file by adding the following definition at the end of the existing class path.
```
:$WHITNEY_HOME/lib
```
In the /opt/IBM/db2/textsearch/lib directory, create a file that is named DB2JccConfiguration.properties, and save it with the following content.
```
db2.jcc.override.securityMechanism=9
db2.jcc.override.encryptionAlgorithm=2
```
Stop and restart the text search server.

What to do next

If you see the following error message, you need to enable the z/OS Integrated Cryptographic Service Facility (ICSF) in your Db2 for z/OS environment.

DSNL045I -DB2A DSNLCICF ICSF CSNFPKE FUNCTION FAILED 913
WITH RETCODE='0000000C'X AND RSNCODE='00002B34'X